1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
namespace Zwartpet\PHPCertificateToolbox; |
4
|
|
|
|
5
|
|
|
use Zwartpet\PHPCertificateToolbox\Exception\LogicException; |
6
|
|
|
use Zwartpet\PHPCertificateToolbox\Exception\RuntimeException; |
7
|
|
|
|
8
|
|
|
/** |
9
|
|
|
* LetsEncrypt Functions class, supplying the LetsEncrypt Client with supportive functions. |
10
|
|
|
* |
11
|
|
|
* @author Youri van Weegberg <[email protected]> |
12
|
|
|
* @copyright 2018 Youri van Weegberg |
13
|
|
|
* @license https://opensource.org/licenses/mit-license.php MIT License |
14
|
|
|
*/ |
15
|
|
|
class LEFunctions |
16
|
|
|
{ |
17
|
|
|
/** |
18
|
|
|
* Generates a new RSA keypair and returns both |
19
|
|
|
* |
20
|
|
|
* @param integer $keySize RSA key size, must be between 2048 and 4096 (default is 4096) |
21
|
|
|
* @return array containing public and private indexes containing the new keys |
22
|
|
|
*/ |
23
|
50 |
|
public static function RSAGenerateKeys($keySize = 4096) |
24
|
|
|
{ |
25
|
|
|
|
26
|
50 |
|
if ($keySize < 2048 || $keySize > 4096) { |
27
|
2 |
|
throw new LogicException("RSA key size must be between 2048 and 4096"); |
28
|
|
|
} |
29
|
|
|
|
30
|
48 |
|
$res = openssl_pkey_new([ |
31
|
48 |
|
"private_key_type" => OPENSSL_KEYTYPE_RSA, |
32
|
48 |
|
"private_key_bits" => intval($keySize), |
33
|
|
|
]); |
34
|
|
|
|
35
|
48 |
|
if (!openssl_pkey_export($res, $privateKey)) { |
36
|
|
|
throw new RuntimeException("RSA keypair export failed!"); //@codeCoverageIgnore |
37
|
|
|
} |
38
|
|
|
|
39
|
48 |
|
$details = openssl_pkey_get_details($res); |
40
|
|
|
|
41
|
48 |
|
$result = ['public' => $details['key'], 'private' => $privateKey]; |
42
|
|
|
|
43
|
48 |
|
openssl_pkey_free($res); |
44
|
|
|
|
45
|
48 |
|
return $result; |
46
|
|
|
} |
47
|
|
|
|
48
|
|
|
|
49
|
|
|
/** |
50
|
|
|
* Generates a new EC prime256v1 keypair and saves both keys to a new file. |
51
|
|
|
* |
52
|
|
|
* @param integer $keySize EC key size, possible values are 256 (prime256v1) or 384 (secp384r1), |
53
|
|
|
* default is 256 |
54
|
|
|
* @return array containing public and private indexes containing the new keys |
55
|
|
|
*/ |
56
|
34 |
|
public static function ECGenerateKeys($keySize = 256) |
57
|
|
|
{ |
58
|
34 |
|
if (version_compare(PHP_VERSION, '7.1.0') == -1) { |
59
|
|
|
throw new RuntimeException("PHP 7.1+ required for EC keys"); //@codeCoverageIgnore |
60
|
|
|
} |
61
|
|
|
|
62
|
34 |
|
if ($keySize == 256) { |
63
|
30 |
|
$res = openssl_pkey_new([ |
64
|
30 |
|
"private_key_type" => OPENSSL_KEYTYPE_EC, |
65
|
30 |
|
"curve_name" => "prime256v1", |
66
|
|
|
]); |
67
|
4 |
|
} elseif ($keySize == 384) { |
68
|
2 |
|
$res = openssl_pkey_new([ |
69
|
2 |
|
"private_key_type" => OPENSSL_KEYTYPE_EC, |
70
|
2 |
|
"curve_name" => "secp384r1", |
71
|
|
|
]); |
72
|
|
|
} else { |
73
|
2 |
|
throw new LogicException("EC key size must be 256 or 384"); |
74
|
|
|
} |
75
|
|
|
|
76
|
|
|
|
77
|
32 |
|
if (!openssl_pkey_export($res, $privateKey)) { |
78
|
|
|
throw new RuntimeException("EC keypair export failed!"); //@codeCoverageIgnore |
79
|
|
|
} |
80
|
|
|
|
81
|
32 |
|
$details = openssl_pkey_get_details($res); |
82
|
|
|
|
83
|
32 |
|
$result = ['public' => $details['key'], 'private' => $privateKey]; |
84
|
|
|
|
85
|
32 |
|
openssl_pkey_free($res); |
86
|
|
|
|
87
|
32 |
|
return $result; |
88
|
|
|
} |
89
|
|
|
|
90
|
|
|
|
91
|
|
|
/** |
92
|
|
|
* Encodes a string input to a base64 encoded string which is URL safe. |
93
|
|
|
* |
94
|
|
|
* @param string $input The input string to encode. |
95
|
|
|
* |
96
|
|
|
* @return string Returns a URL safe base64 encoded string. |
97
|
|
|
*/ |
98
|
22 |
|
public static function base64UrlSafeEncode($input) |
99
|
|
|
{ |
100
|
22 |
|
return str_replace('=', '', strtr(base64_encode($input), '+/', '-_')); |
101
|
|
|
} |
102
|
|
|
|
103
|
|
|
/** |
104
|
|
|
* Decodes a string that is URL safe base64 encoded. |
105
|
|
|
* |
106
|
|
|
* @param string $input The encoded input string to decode. |
107
|
|
|
* |
108
|
|
|
* @return string Returns the decoded input string. |
109
|
|
|
*/ |
110
|
2 |
|
public static function base64UrlSafeDecode($input) |
111
|
|
|
{ |
112
|
2 |
|
$remainder = strlen($input) % 4; |
113
|
2 |
|
if ($remainder) { |
114
|
2 |
|
$padlen = 4 - $remainder; |
115
|
2 |
|
$input .= str_repeat('=', $padlen); |
116
|
|
|
} |
117
|
2 |
|
return base64_decode(strtr($input, '-_', '+/')); |
118
|
|
|
} |
119
|
|
|
} |
120
|
|
|
|